The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

Thursday, January 26, 2017

From uni-directional to vibrant and dynamic; Ottawa Chapter on becoming a community

Today's guest post is by Tanya Janca Co leader of OWASP Ottawa

OWASP Ottawa used to be like most tech meetups, presentation-style meetings with 15-20 techies in the room for a 45 minutes presentation, followed by your typical Q&A. For the Ottawa chapter all of this changed when the Chapter Leadership decided to re-imagine OWASP into the kind of meetup that they would really want to attend for themselves. What followed was a membership increase of 450%, with female membership up by 5700% (yes, you read that right!), new types of events, a mentoring program, more talks, pre and post meeting social time, and a feeling of real community.

The first thing the Ottawa Chapter decided to look at was the lack of diversity in their membership; because diversity breeds innovation, and, it turns out, a great social atmosphere. To try to address this, one of the leaders started attending all the female-only tech events around town, as well as regular tech meet ups and conferences, and personally inviting everyone, especially women, to OWASP. Then she started doing technical talks as well, ending all the talks with an invite to join. This has gotten big results for the chapter, with new members signing up on Meetup.com after each outreach engagement. In 2015 the Ottawa Chapter also started an annual Capture the Flag (CTF) contest, which is a beginner level event that involves solving security puzzles. They put on the CTF because it's the type of experience that they want to have. The CTF is wildly popular, and is now the best-attended event of the year. The leaders were onto something, and having a great time doing it.

The next thing was finding a reliable, comfortable and awesome venue; and in Ottawa, this meant Shopify. Shopify is extremely supportive of the technical meetup ‘scene’ in Ottawa, and partnered with the OWASP chapter to provide a stylish, trendy and fully wi-fi enabled location for all of their meetups for the last two years. The chapter also switched over to using Meetup.com at this point, instead of the email list, to make keeping tracking of RSVPs 1000 times easier, and to enable people who do attend to reach other to each other and communicate more easily. Plus, it helps with remembering names.

During 2016, OWASP Ottawa decided to step it up a notch; they started having two speakers per night instead of one, they had their first beginner-style talks about application security (for newcomers), had their first two female speakers. They also single handedly launched a mentoring program from scratch. The entire atmosphere of the meetings has changed. The previous curious smiles and furtive glances has turned into people shaking hands when they walk in. The monthly get-togethers are no longer just a professional networking opportunity.

For 2017, the Ottawa chapter plans to continue their momentum. They started by adding 5 new volunteers, and creating a pre-committee to evaluate if Ottawa is capable of hosting the first ‘AppSec North’. Many brand new events and initiatives for 2017 were also rolled out, including an OWASP Ottawa slack channel, video taping and uploading of all new talks, as well as a more-aggressive recruitment program for new members.

You may be wondering at this point if you can get results like this for your chapter. The answer is you can, you just need to start doing something new. You probably have a list of ideas in the back of your mind, which is a good place to start. You can also survey your membership and listen to their ideas, check out what other chapters are doing, or even use any of the ideas from this article (list below) and try them out for your chapter! The point is, if you want to see some changes you need to make some changes. If the old way isn’t working, why not try something new?

Potential ideas for your chapter:

If the leadership of your chapter is not diverse you are potentially limiting your viewpoint. Add a woman, a student, an immigrant, an ethnic minority and/or someone else new and different to your organizing team in order to gain new perspectives.

Team up with other community focused groups such as the public library, student associations or other IT groups.

Branch out in the types of events that you offer, consider running a Capture the Flag, a workshop or some other hands-on type of event.

Start hosting “intro to AppSec” events, as well as slightly "off topic” lectures that may draw in a different crowd.

If someone gives a really great talk about Application Security and they mention OWASP, as them if they would consider giving that same talk to other meet ups and groups, and help them arrange it.

If you’d like further details on how the Ottawa chapter has revitalized the scene, you can write the Ottawa chapter leaders, Sherif.Koussa@owasp.org or Tanya.Janca@owasp.org, for details. The point is, if you want to see some changes you need to make some changes. If the old way isn’t working, why not try something new?

With these ideas and tools in mind, we wish you great success in running your chapter!